Over one-third of organisations that experienced a security breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20 percent.
According to the Cisco’s 2017 Annual Cybersecurity Report (ACR) report, ninety percent of these organisations are improving threat defense technologies and processes after attacks by separating IT and security functions (38 percent), increasing security awareness training for employees (38 percent), and implementing risk mitigation techniques (37 percent).
The report comes at a time when the world is marking February 7 as Safer Internet Day to address the increasing security breaches witnessed in the world today. As India gets ready to go digital, security is a big issue that it needs to address.
Global Internet companies like Google are also tweeting with #SaferInternetDay and urging users to take necessary measures to review their accounts.
The report surveyed nearly 3,000 chief security officers (CSOs) and security operations leaders from 13 countries in the Security Capabilities Benchmark Study, part of the Cisco ACR.
The Cisco global report highlights challenges and opportunities for security teams to defend against the relentless evolution of cybercrime and shifting attack modes. CSOs cite budget constraints, poor compatibility of systems, and a lack of trained talent as the biggest barriers to advancing their security postures. Leaders also reveal that their security departments are increasingly complex environments with 65 percent of organisations using from six to more than 50 security products, increasing the potential for security effectiveness gaps.
To exploit these gaps, ACR data shows criminals leading a resurgence of “classic” attack vectors, such as adware and email spam, the latter at levels not seen since 2010. Spam accounts for nearly two-thirds (65 percent) of email with eight to 10 percent cited as malicious. Global spam volume is rising, often spread by large and thriving botnets.
In 2016, hacking became more “corporate.” Dynamic changes in the technology landscape, led by digitisation, are creating opportunities for cybercriminals. While attackers continue to leverage time-tested techniques, they also employ new approaches that mirror the “middle management” structure of their corporate targets.
The 2017 ACR reports that just 56 percent of security alerts are investigated and less than half of legitimate alerts remediated. Defenders, while confident in their tools, battle complexity and manpower challenges, leaving gaps of time and space for attackers to utilise to their advantage.
“In 2017, cyber is business, and business is cyber –that requires a different conversation, and very different outcomes. Relentless improvement is required and that should be measured via efficacy, cost, and well managed risk. The 2017 Annual Cybersecurity Report demonstrates, and I hope justifies, answers to our struggles on budget, personnel, innovation and architecture,” said John N. Stewart, Senior Vice President and Chief Security and Trust Officer, Cisco.